Glossary
ORGN terminology — worktree, session, feature; Scanner vs code security; Trust Domain (not enclave); TEE and ZDR.
Shared vocabulary for developers, security reviewers, and procurement. For the full trust narrative, see Trust model — this page defines terms, not the security argument.
Platform concepts
Worktree
A worktree is an isolated Git working tree — a separate branch and checkout linked to the same repository. ORGN uses worktrees so parallel agent sessions do not overwrite each other's files.
- In CDE, worktrees isolate local and cloud agent streams on separate branches
- In Studio, worktrees are isolated branches inside the project's TDX sandbox (one sandbox per project, shared runtime). A worktree is typically linked to a task and opened as a browser workspace at
/chat/:id
You can create multiple worktrees per project and multiple worktrees for the same task (different attempts). Worktrees consume credits and are metered in team usage views.
See Cloud worktrees and Studio workspace.
Task
A task is a unit of planned work on a project backlog — a feature, bug, refactor, or review. Tasks exist at the project level. When you execute work, you open a worktree (isolated branch) inside the project sandbox and link it to the task for traceability. One task can have many worktrees; each worktree holds one or more sessions (agent chats).
See Tasks and Workspace task panel.
Session
A session is a contiguous agent or chat interaction — the conversation and tool-call history inside a worktree between opening the chat and closing or completing it.
Usage dashboards report session counts alongside agent runs and token totals. Multiple sessions can belong to one project; one worktree may span a primary session and related sub-agent activity.
Code index
A code index is a repository-wide snapshot ORGN builds for agent context — typically a Repomix merge of the codebase stored as a project context document. ORGN Studio triggers indexing automatically on project import; the index records a commit SHA and can fall behind after new commits until you re-index (Dashboard Re-Index, sidebar Reindex Repo, or Context Refresh).
The code index is not your Git working copy. Agents also read live files from the sandbox via tool calls.
In ORGN CDE, @codebase uses a separate workspace semantic index built locally when you open a folder or attach to a cloud worktree. See Origin Agent — workspace semantic index.
Feature
A feature is a scoped unit of product work inside a Studio project — a user-facing capability or epic that tasks and worktrees organize around. Features appear in project navigation (Features tab, task mind map) and help agents maintain context across related tasks.
Features are a project management construct, not a Gateway model name or infrastructure flag.
Security and audit
Trust Domain
A Trust Domain is Intel TDX's isolated execution unit at the VM boundary — encrypted memory inaccessible to the host OS, hypervisor, or cloud operator.
ORGN runs development workloads (CDE, Studio sandboxes) and TEE inference inside Trust Domains. The runtime emits a signed attestation report describing what code is running and that it has not been tampered with.
Do not call Trust Domains "enclaves" in security reviews. SGX enclaves and TDX Trust Domains share a confidentiality goal but differ in scope, deployment model, and attestation mechanism. Using SGX terminology for TDX work erodes credibility with technical buyers.
See Trust model — Compute trust.
TEE (Trusted Execution Environment)
TEE models on ORGN Gateway run on NEAR AI and Phala infrastructure with hardware-enforced isolation. Each request can produce a cryptographic attestation receipt verifiable in ORGN Scanner.
Use TEE when you need independent proof of execution — not a vendor policy claim.
ZDR (Zero Data Retention)
ZDR models route through Vercel AI Gateway to frontier providers under contractual zero-retention agreements. ZDR gives broad model access with strong data-handling terms but no hardware attestation receipt.
See Trust model — Execution environments.
Attestation
Attestation is a signed report proving a workload ran on genuine confidential-compute hardware with expected measurements. ORGN uses attestation for TDX workspaces and TEE inference paths.
Verification steps: Scanner verify, CDE attestation.
Two different "scanners"
ORGN documentation uses "scanner" in two distinct senses. Conflating them causes failed security reviews.
| Term | Product | Question it answers |
|---|---|---|
| ORGN Scanner | scanner.orgn.com | "Did this inference or sandbox run produce verifiable attestation evidence?" |
| Code security (Shannon) | Studio project Security tab | "What vulnerabilities exist in my repository?" |
ORGN Scanner is the audit layer — Explorer, Messages, Requests, verification workflows. It shows metadata and cryptographic hashes. It never shows prompt contents or model outputs.
Code security (sometimes called SecOps or Shannon in internal tooling) is static/dynamic analysis of your source code — CWE findings, remediation guidance, pentest pipeline results. It does not replace attestation verification.
See Trust model — Code security vs ORGN Scanner and Studio code security.
Identity and billing
id-orgn
id-orgn is ORGN's SSO identity provider (id.orgn.com). One id-orgn account spans Studio, CDE, Gateway console, and Scanner. Sign-in uses id-orgn PKCE; Sign in with GitHub and other providers are available on the id-orgn login page.
See SSO.
Credits
Credits are the prepaid currency for pay-as-you-go usage — workspace runtime, worktrees, agent runs, and related consumption. Enterprise seats use agent run hours instead of pure credit metering.
See Pricing.
Team
A team is the collaboration and billing boundary in ORGN Studio. Every project belongs to one team; members must belong to that team to access its projects.
See Teams.
Product names (canonical)
| Legacy / avoid | Use instead |
|---|---|
| Trial (execution unit) | worktree |
| Origin, Stealth | ORGN Studio |
| OLLM (monolith) | ORGN Gateway (API + console) |
| Console.ollm.com | gateway.orgn.com |
| Enclave (for TDX) | Trust Domain |
| SecOps scan (ambiguous) | Code security or ORGN Scanner (pick one by context) |